Awesome
osixia/phpldapadmin
Latest release: 0.9.0 - phpLDAPadmin 1.2.5 - Changelog | Docker Hub
A docker image to run phpLDAPadmin.
- osixia/phpldapadmin
Quick start
Run a phpLDAPadmin docker image by replacing ldap.example.com
with your ldap host or IP :
docker run -p 6443:443 \
--env PHPLDAPADMIN_LDAP_HOSTS=ldap.example.com \
--detach osixia/phpldapadmin:0.9.0
That's it :) you can access phpLDAPadmin on https://localhost:6443
OpenLDAP & phpLDAPadmin in 1'
Example script:
#!/bin/bash -e
docker run --name ldap-service --hostname ldap-service --detach osixia/openldap:1.1.8
docker run --name phpldapadmin-service --hostname phpldapadmin-service --link ldap-service:ldap-host --env PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:0.9.0
PHPLDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" phpldapadmin-service)
echo "Go to: https://$PHPLDAP_IP"
echo "Login DN: cn=admin,dc=example,dc=org"
echo "Password: admin"
Beginner Guide
Use your own phpLDAPadmin config
This image comes with a phpLDAPadmin config.php file that can be easily customized via environment variables for a quick bootstrap, but setting your own config.php is possible. 2 options:
-
Link your config file at run time to
/container/service/phpldapadmin/assets/config/config.php
:docker run --volume /data/my-config.php:/container/service/phpldapadmin/assets/config/config.php --detach osixia/phpldapadmin:0.9.0
-
Add your config file by extending or cloning this image, please refer to the Advanced User Guide
HTTPS
Use autogenerated certificate
By default HTTPS is enable, a certificate is created with the container hostname (it can be set by docker run --hostname option eg: phpldapadmin.my-company.com).
docker run --hostname phpldapadmin.my-company.com --detach osixia/phpldapadmin:0.9.0
Use your own certificate
You can set your custom certificate at run time, by mounting a directory containing those files to /container/service/phpldapadmin/assets/apache2/certs and adjust their name with the following environment variables:
docker run --volume /path/to/certifates:/container/service/phpldapadmin/assets/apache2/certs \
--env PHPLDAPADMIN_HTTPS_CRT_FILENAME=my-cert.crt \
--env PHPLDAPADMIN_HTTPS_KEY_FILENAME=my-cert.key \
--env PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=the-ca.crt \
--detach osixia/phpldapadmin:0.9.0
Other solutions are available please refer to the Advanced User Guide
Disable HTTPS
Add --env PHPLDAPADMIN_HTTPS=false to the run command :
docker run --env PHPLDAPADMIN_HTTPS=false --detach osixia/phpldapadmin:0.9.0
Fix docker mounted file problems
You may have some problems with mounted files on some systems. The startup script try to make some file adjustment and fix files owner and permissions, this can result in multiple errors. See Docker documentation.
To fix that run the container with --copy-service
argument :
docker run [your options] osixia/phpldapadmin:0.9.0 --copy-service
Debug
The container default log level is info.
Available levels are: none
, error
, warning
, info
, debug
and trace
.
Example command to run the container in debug
mode:
docker run --detach osixia/phpldapadmin:0.9.0 --loglevel debug
See all command line options:
docker run osixia/phpldapadmin:0.9.0 --help
Environment Variables
Environment variables defaults are set in image/environment/default.yaml
See how to set your own environment variables
-
PHPLDAPADMIN_LDAP_HOSTS: Set phpLDAPadmin server config. Defaults to :
- ldap.example.org: - server: - tls: true - login: - bind_id: cn=admin,dc=example,dc=org - ldap2.example.org - ldap3.example.org
This will be converted in the phpldapadmin config.php file to :
$servers->newServer('ldap_pla'); $servers->setValue('server','name','ldap.example.org'); $servers->setValue('server','host','ldap.example.org'); $servers->setValue('server','tls',true); $servers->setValue('login','bind_id','cn=admin,dc=example,dc=org'); $servers->newServer('ldap_pla'); $servers->setValue('server','name','ldap2.example.org'); $servers->setValue('server','host','ldap2.example.org'); $servers->newServer('ldap_pla'); $servers->setValue('server','name','ldap3.example.org'); $servers->setValue('server','host','ldap3.example.org');
All server configuration are available, just add the needed entries, for example:
- ldap.example.org: - server: - tls: true - port: 636 - force_may: array('uidNumber','gidNumber','sambaSID') - login: - bind_id: cn=admin,dc=example,dc=org - bind_pass: p0p! - auto_number: - min: 1000 - ldap2.example.org - ldap3.example.org
See complete list: http://phpldapadmin.sourceforge.net/wiki/index.php/LDAP_server_definitions
If you want to set this variable at docker run command add the tag
#PYTHON2BASH:
and convert the yaml in python:docker run --env PHPLDAPADMIN_LDAP_HOSTS="#PYTHON2BASH:[{'ldap.example.org': [{'server': [{'tls': True}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org']" --detach osixia/phpldapadmin:0.9.0
To convert yaml to python online: http://yaml-online-parser.appspot.com/
If you would like to skip the display name == hostname element of the above use the PHPLDAPADMIN_LDAP_HOSTS_FRIENDLY environmental variable. This then uses the top most name as the display name of the server. You will then need to add host to the yaml within the server section. Note this is a global setting, if you do it for one server, you must do it for all. eg
- Primary: - server: - host: ldap-master.example.org - Backup: - server: - host: 192.168.0.100
Apache :
- PHPLDAPADMIN_SERVER_ADMIN: Server admin email. Defaults to
webmaster@example.org
- PHPLDAPADMIN_SERVER_PATH: Server path (usefull if behind a reverse proxy). Defaults to
/phpldapadmin
HTTPS :
- PHPLDAPADMIN_HTTPS: Use apache ssl config. Defaults to
true
- PHPLDAPADMIN_HTTPS_CRT_FILENAME: Apache ssl certificate filename. Defaults to
phpldapadmin.crt
- PHPLDAPADMIN_HTTPS_KEY_FILENAME: Apache ssl certificate private key filename. Defaults to
phpldapadmin.key
- PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: Apache ssl CA certificate filename. Defaults to
ca.crt
Reverse proxy HTTPS :
- PHPLDAPADMIN_TRUST_PROXY_SSL: Set to
true
to trust X-Forwarded-Proto header
Ldap client TLS/LDAPS :
-
PHPLDAPADMIN_LDAP_CLIENT_TLS: Enable ldap client tls config, ldap server certificate check and set client certificate. Defaults to
true
-
PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: Set ldap.conf TLS_REQCERT. Defaults to
demand
-
PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: Set ldap.conf TLS_CACERT to /container/service/ldap-client/assets/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME. Defaults to
ldap-ca.crt
-
PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: Set .ldaprc TLS_CERT to /container/service/ldap-client/assets/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME. Defaults to
ldap-client.crt
-
PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: Set .ldaprc TLS_KEY to /container/service/ldap-client/assets/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME. Defaults to
ldap-client.key
More information at : http://www.openldap.org/doc/admin24/tls.html (16.2.2. Client Configuration)
Other environment variables:
- PHPLDAPADMIN_SSL_HELPER_PREFIX: ssl-helper environment variables prefix. Defaults to
phpldapadmin
, ssl-helper first search config from PHPLDAPADMIN_SSL_HELPER_* variables, before SSL_HELPER_* variables. - LDAP_CLIENT_SSL_HELPER_PREFIX: ssl-helper environment variables prefix. Defaults to
ldap
, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
Set your own environment variables
Use command line argument
Environment variables can be set by adding the --env argument in the command line, for example:
docker run --env PHPLDAPADMIN_LDAP_HOSTS="ldap.example.org" \
--detach osixia/phpldapadmin:0.9.0
Link environment file
For example if your environment file is in : /data/environment/my-env.yaml
docker run --volume /data/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
--detach osixia/phpldapadmin:0.9.0
Take care to link your environment file to /container/environment/XX-somedir
(with XX < 99 so they will be processed before default environment files) and not directly to /container/environment
because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
Make your own image or extend this image
This is the best solution if you have a private registry. Please refer to the Advanced User Guide just below.
Advanced User Guide
Extend osixia/phpldapadmin:0.9.0 image
If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
Dockerfile example:
FROM osixia/phpldapadmin:0.9.0
MAINTAINER Your Name <your@name.com>
ADD https-certs /container/service/phpldapadmin/assets/apache2/certs
ADD ldap-certs /container/service/ldap-client/assets/certs
ADD my-config.php /container/service/phpldapadmin/assets/config/config.php
ADD environment /container/environment/01-custom
Warning: if you want to install new packages from debian repositories, this image has a configuration to prevent documentation and locales to be installed. If you need documentation and locales remove the following files : /etc/dpkg/dpkg.cfg.d/01_nodoc and /etc/dpkg/dpkg.cfg.d/01_nolocales
Make your own phpLDAPadmin image
Clone this project :
git clone https://github.com/osixia/docker-phpLDAPadmin
cd docker-phpLDAPadmin
Adapt Makefile, set your image NAME and VERSION, for example :
NAME = osixia/phpldapadmin
VERSION = 0.9.0
becomes :
NAME = billy-the-king/phpldapadmin
VERSION = 0.1.0
Add your custom certificate, environment files, config.php ...
Build your image :
make build
Run your image :
docker run -d billy-the-king/phpldapadmin:0.1.0
Tests
We use Bats (Bash Automated Testing System) to test this image:
Install Bats, and in this project directory run :
make test
Kubernetes
Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.
More information:
A kubernetes example is available in example/kubernetes
Under the hood: osixia/web-baseimage
This image is based on osixia/web-baseimage. More info: https://github.com/osixia/docker-web-baseimage
Security
If you discover a security vulnerability within this docker image, please send an email to the Osixia! team at security@osixia.net. For minor vulnerabilities feel free to add an issue here on github.
Please include as many details as possible.
Changelog
Please refer to: CHANGELOG.md